Date: Mon, 18 Jun 2018 14:05:42 +0000 (UTC) From: Jan Beich <jbeich@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r472694 - in branches/2018Q2/multimedia/ffmpeg: . files Message-ID: <201806181405.w5IE5gGk062750@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jbeich Date: Mon Jun 18 14:05:42 2018 New Revision: 472694 URL: https://svnweb.freebsd.org/changeset/ports/472694 Log: multimedia/ffmpeg: backport some security fixes Obtained from: upstream (FFmpeg 3.4.3) Approved by: ports-secteam blanket Added: branches/2018Q2/multimedia/ffmpeg/files/patch-CVE-2018-12458 (contents, props changed) branches/2018Q2/multimedia/ffmpeg/files/patch-CVE-2018-7557 (contents, props changed) branches/2018Q2/multimedia/ffmpeg/files/patch-CVE-2018-7751 (contents, props changed) branches/2018Q2/multimedia/ffmpeg/files/patch-CVE-2018-9841 (contents, props changed) Modified: branches/2018Q2/multimedia/ffmpeg/Makefile Modified: branches/2018Q2/multimedia/ffmpeg/Makefile ============================================================================== --- branches/2018Q2/multimedia/ffmpeg/Makefile Mon Jun 18 14:00:43 2018 (r472693) +++ branches/2018Q2/multimedia/ffmpeg/Makefile Mon Jun 18 14:05:42 2018 (r472694) @@ -3,6 +3,7 @@ PORTNAME= ffmpeg PORTVERSION= 3.4.2 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= multimedia audio ipv6 net MASTER_SITES= https://ffmpeg.org/releases/ Added: branches/2018Q2/multimedia/ffmpeg/files/patch-CVE-2018-12458 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q2/multimedia/ffmpeg/files/patch-CVE-2018-12458 Mon Jun 18 14:05:42 2018 (r472694) @@ -0,0 +1,32 @@ +commit bd1fd3ff4b0437153a6c4717f59ce31a7bba8ca0 +Author: Michael Niedermayer <michael@niedermayer.cc> +Date: Mon May 21 23:08:05 2018 +0200 + + avcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header() + + Fixes truncation + Fixes Assertion n <= 31 && value < (1U << n) failed at libavcodec/put_bits.h:169 + Fixes: ffmpeg_crash_2.avi + + Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru RazvanCaciulescu with AFLSmart + + Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> + (cherry picked from commit e1182fac1afba92a4975917823a5f644bee7e6e8) + Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> +--- + libavcodec/mpeg4videoenc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git libavcodec/mpeg4videoenc.c libavcodec/mpeg4videoenc.c +index 494452c938..f6a5992df7 100644 +--- libavcodec/mpeg4videoenc.c ++++ libavcodec/mpeg4videoenc.c +@@ -882,7 +882,7 @@ void ff_set_mpeg4_time(MpegEncContext *s) + + static void mpeg4_encode_gop_header(MpegEncContext *s) + { +- int hours, minutes, seconds; ++ int64_t hours, minutes, seconds; + int64_t time; + + put_bits(&s->pb, 16, 0); Added: branches/2018Q2/multimedia/ffmpeg/files/patch-CVE-2018-7557 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q2/multimedia/ffmpeg/files/patch-CVE-2018-7557 Mon Jun 18 14:05:42 2018 (r472694) @@ -0,0 +1,51 @@ +commit ae49cc73f265a155e5c4b1715570aab3d9741b4d +Author: Michael Niedermayer <michael@niedermayer.cc> +Date: Mon Feb 26 03:02:48 2018 +0100 + + avcodec/utvideodec: Check subsample factors + + Fixes: Out of array read + Fixes: heap_poc + + Found-by: GwanYeong Kim <gy741.kim@gmail.com> + Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> + (cherry picked from commit 7414d0bda7763f9bd69c26c068e482ab297c1c96) + Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> +--- + libavcodec/utvideodec.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git libavcodec/utvideodec.c libavcodec/utvideodec.c +index d888cc3cdf..ebd9d55cf2 100644 +--- libavcodec/utvideodec.c ++++ libavcodec/utvideodec.c +@@ -30,6 +30,7 @@ + #define UNCHECKED_BITSTREAM_READER 1 + + #include "libavutil/intreadwrite.h" ++#include "libavutil/pixdesc.h" + #include "avcodec.h" + #include "bswapdsp.h" + #include "bytestream.h" +@@ -789,6 +790,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, + static av_cold int decode_init(AVCodecContext *avctx) + { + UtvideoContext * const c = avctx->priv_data; ++ int h_shift, v_shift; + + c->avctx = avctx; + +@@ -886,6 +888,13 @@ static av_cold int decode_init(AVCodecContext *avctx) + return AVERROR_INVALIDDATA; + } + ++ av_pix_fmt_get_chroma_sub_sample(avctx->pix_fmt, &h_shift, &v_shift); ++ if ((avctx->width & ((1<<h_shift)-1)) || ++ (avctx->height & ((1<<v_shift)-1))) { ++ avpriv_request_sample(avctx, "Odd dimensions"); ++ return AVERROR_PATCHWELCOME; ++ } ++ + return 0; + } + Added: branches/2018Q2/multimedia/ffmpeg/files/patch-CVE-2018-7751 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q2/multimedia/ffmpeg/files/patch-CVE-2018-7751 Mon Jun 18 14:05:42 2018 (r472694) @@ -0,0 +1,37 @@ +commit 3fa6e594a0f2575ddb6b2183961fde42ab5ab37b +Author: Michael Niedermayer <michael@niedermayer.cc> +Date: Sat Mar 10 01:40:36 2018 +0100 + + avformat/img2dec: fix infinite loop + + Fixes: kira-poc + + Found-by: Kira <kira_cxy@foxmail.com> + Change suggested by Kira + Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> + (cherry picked from commit a6cba062051f345e8ebfdff34aba071ed73d923f) + Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> +--- + libavformat/img2dec.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git libavformat/img2dec.c libavformat/img2dec.c +index ecf64eaffa..2585634e7c 100644 +--- libavformat/img2dec.c ++++ libavformat/img2dec.c +@@ -878,10 +878,14 @@ static int svg_probe(AVProbeData *p) + { + const uint8_t *b = p->buf; + const uint8_t *end = p->buf + p->buf_size; ++ + if (memcmp(p->buf, "<?xml", 5)) + return 0; + while (b < end) { +- b += ff_subtitles_next_line(b); ++ int inc = ff_subtitles_next_line(b); ++ if (!inc) ++ break; ++ b += inc; + if (b >= end - 4) + return 0; + if (!memcmp(b, "<svg", 4)) Added: branches/2018Q2/multimedia/ffmpeg/files/patch-CVE-2018-9841 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q2/multimedia/ffmpeg/files/patch-CVE-2018-9841 Mon Jun 18 14:05:42 2018 (r472694) @@ -0,0 +1,30 @@ +commit 43916494f8cac6ed294309e70de346e309d51058 +Author: Michael Niedermayer <michael@niedermayer.cc> +Date: Fri Mar 30 02:16:31 2018 +0200 + + avfilter/vf_signature: use av_strlcpy() + + Fixes: out of array access + + Found-by: Kira <kira_cxy@foxmail.com> + Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> + (cherry picked from commit 35eeff30caf34df835206f1c12bcf4b7c2bd6758) + Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> +--- + libavfilter/vf_signature.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git libavfilter/vf_signature.c libavfilter/vf_signature.c +index f0078ba1a6..d07b213f31 100644 +--- libavfilter/vf_signature.c ++++ libavfilter/vf_signature.c +@@ -576,7 +576,8 @@ static int export(AVFilterContext *ctx, StreamContext *sc, int input) + /* error already handled */ + av_assert0(av_get_frame_filename(filename, sizeof(filename), sic->filename, input) == 0); + } else { +- strcpy(filename, sic->filename); ++ if (av_strlcpy(filename, sic->filename, sizeof(filename)) >= sizeof(filename)) ++ return AVERROR(EINVAL); + } + if (sic->format == FORMAT_XML) { + return xml_export(ctx, sc, filename);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201806181405.w5IE5gGk062750>